Lock ID Yahoo Messenger: How to Unlock your Locked ID?

Lock ID means that your ID of Yahoo Messenger cannot be used anymore caused by someone who lock your ID. When you ID got locked, you will never be able to join or login to yahoo messenger. It mean, when you try to type your ID and type your password in chat client such as official chat client of yahoo messenger the error message will arise. Usually the error told that your password or username is incorrect.



You are being in chat room. Than suddenly, your got disconnected. When you try to login with your password and ID, the error that I told above appear. It may be you got locked. Lock ID work to lock you ID or username because you have a weak password, so whit a little iterations your password got locked. However, you will never got locked if you never online or login to yahoo messenger. Lock ID usually working if you are online.



How to unlock your ID if you got locked? You can find or search the software or tool to unlock your password again. However, if the ID or username not online, it usually the software not working that mean the unlocking doesn’t work.



For that reason, I will not share or give a link of download unlock ID software because, I am not guarantee the software work well. The best attempt to unlock your ID is, try to login not by yahoo messenger, but by mail of yahoo which has a same user name and password that been locked. Sometime, this step worked, but make sure after your login to yahoo mail and success, you have to change your password with new password, and then you can login to yahoo messenger with new password that you just been created. If you try to send a complain to the contact of yahoo messenger, It will useless. Yahoo doesn’t care what happen to your if you go locked.



To protect your ID or to prevent Lock ID, you must have a strong password. I will suggest you to not chat with your primary email in yahoo messenger. Sometime yahoo makes a prohibition to some of ID. This mean your ID can be banned by yahoo and your ID never be join to yahoo messenger or yahoo email again.



To create a strong password you must use all character who listed in your keyboard. Such as uppercase, number, and symbol. You must be create password which have not less 8 character or more. Here I give you an example a strong password: H4rP3 ^&* (with 3 space on it). To make a better password work well, you have to change your password frequently: 3 week or 3 month, depending how strong and important your password is.

Read More

Make Internet Calls from Computer PC to Phone Free Services Include

Below is the list (Website and Tools) how you can make a call to phone including mobile phone or home phone that you can do from you computer just only using Internet. That means you don’t use a cellphone or handphone or any phone, you just use Internet Connection and you desktop or Laptop or NoteBook or NetBook  computer

• Magic Jack - Most Call are Free .


• Skype - PC to PC aka skype
  
  to Skype Free Call, Need Charge for pc to Phone but cheaper that Phone to Phone


• Yahoo! Voice - PC to PC Free using Yahoo Messenger Voice Talk, Need Charge for PC to Mobile Phone and else but in low cost


• PalTalk - PC to PC and als PC to Phone


• BuddyTalk


• JaJah


• DukaDial - North America Free Call


• Voipcheap - Free Internet Calls (Limited)


• sharpVoice


• iConnectHere = PC to Pnone Calls


• PC2Call - Prepaid Calls


• YouTring - Free PC to PC, Cheap PC to Phone, International Calls available.


• EvaPhone - Free VoiP Service PC to Cell Phone Home Phone all over the World


• Net2Phone

Read More

How to get back your lost usb -USB Lost and Found

USB Lost and Found is a tool to setup your USB drive to keep unauthorized users from keeping your USB drive if it were to be lost. USB Lost and Found has two methods of telling unauthorized users to return it. The first method is the Message method which when the user tries to use your USB drive it comes up with a message box that tells them to return it, along with your contact information, and denies access to the USB drive. The second method, which only comes with the Pro version, is called Lock Down. Lock Down immediately locks the user's computer when the USB drive is accessed, covering the whole screen and denying access.

Message method:

Lock Down method (Pro version only):

-Download/Version-

· This version of USB Lost and Found is currently 1.1

· You can download the Free version here. (1.2MB file)

· You can buy the Pro version below

-Requirements-

· Personal computer with Windows 2000/XP/Server/Vista

-Release Notes-

· 1.1:

· Redesigned installer

· Redesigned unlocking system

· Fixed Pro version password on Message selection bug

· 1.0:

· Publicly Released

-Features-

· Free version only has the Message method.

· Pro version has the Message method and the Lock Down method.

· Tricks users to not open it with AutoPlay and run Lock Down/Message.

· Double clicking the USB drive in My Computer causes Lock Down/Message to run.

· Fine with many Anti-viruses.

      Disclaimer: This software is shareware, if you liked it, buy the Pro version. The creator and contributors are not responsible with your actions with any of this software, and cannot be held accountable for any of it. You are not allowed to redistribute this software without Skyler Lyon's permission and consent. By using this software you agree to these terms.

[ Download USB Lost and Found ]

Read More

How to delete duplicate Wordpress posts

It can also used to delete the duplicate posts by wp-o-matic



I recently ran into trouble with a Wordpress installation of mine, where a homemade script went totally overboard, and never stopped running, adding posts to the database. Over a few days it added close to 9.000 posts, of which all were duplicates.

After a bit of searching I found the problem, but getting into the database to clean up was a bit of a problem, since the script was still running. I had to remove the script totally from my install in order to stop it!





After a bit of google search i found this trick its working 100% i tried with wordpress 2.6





login in to your  cpanel and go to the phpmyadmin  and select the your wordpress database and run this script in the  query window

DELETE bad_rows.*

from wp_posts as bad_rows

inner join (

select post_title, MIN(id) as min_id

from wp_posts

group by post_title

having count(*) > 1

) as good_rows on good_rows.post_title = bad_rows.post_title

and good_rows.min_id <> bad_rows.id

after deleting the posts u can  prevent the  duplicate post by Wp-o-matic

1. Open up wp-includes/post.php in your favorite editor


2. at approx line 703 you will find the following line :
   
   if ($post_name_check || in_array($post_name, $wp_rewrite->feeds) ) {


3. After this insert a new line of code :
   
   return 0;


4. save (you did make a backup, right?).


5. All done.

Read More

Microsoft confirms that all versions of IE have critical new bug

It adds IE6 and IE8 Beta 2 to the list, recommends disabling .dll to stay safe 

The unpatched bug in Internet Explorer 7 (IE7) that hackers are now exploiting also exists in older versions of the browser, including the still-widely-used IE6, Microsoft Corp. said late yesterday. Today, a Danish security researcher added that Microsoft's original countermeasure advice was insufficient and recommended that users take one of the new steps the company spelled out.

In a revised security advisory, Microsoft said research confirmed that the bug is within all its browsers, including those it currently supports -- IE5.01, IE6 and IE7 -- as well as IE8 Beta 2, a preview version that the company doesn't support through normal channels.

Users running any of those browsers on Windows 2000, XP, Vista, Server 2003 or Server 2008 are at risk, Microsoft said.

Even so, the company continued to downplay the severity of the threat. "At this time, we are aware only of limited attacks that attempt to use this vulnerability against Windows Internet Explorer 7," said the advisory.

Microsoft also spelled out the root of the problem, saying that the bug is in IE's data binding functionality and, contrary to earlier reports by independent security researchers, not in the HTML rendering code.

"The vulnerability exists as an invalid pointer reference in the data-binding function of Internet Explorer," said Microsoft. "When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object's memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable."

Microsoft also hinted that the "oledb32.dll" file contains the bug when it added a recommendation that users disable or cripple the .dll's function as a stopgap measure. Oledb32.dll is a component of Microsoft Data Access, a collection of technologies for accessing different types of data in a uniform fashion. "OLEDB" stands for "Object Linking and Embedding, Database."

Copenhagen-based Secunia APS claimed that its research, which it said has been passed along to Microsoft, identified the vulnerability's true nature. "After having published our initial advisory concerning this [zero-day exploit], one of my guys was therefore tasked with figuring out the exact nature of the problem," said Carsten Eiram, chief security specialist at Secunia, in a post to the security company's blog early Friday. "It turned out that a lot of available information and assumptions were wrong."

Among those, said Eiram, was the belief that the vulnerability existed only in IE7 and was related to XML processing -- as some, including Secunia, first thought.

Also incorrect, or at least partly so, is the idea that setting IE's Internet security zone to "High" and disabling scripting will keep one safe from attack, added Eiram. "Technically no ... it is still possible to trigger the vulnerability," he said. "However, it does make exploitation trickier as it protects against attacks using scripting."





source: computerworld

Read More

Google Chrome is now out of Beta

I know that most people arent really lining up to care about this but Google Chrome has finally come out of beta.  Now why is that really a big deal? Well thats because it seems like Google never takes anything out of beta. So why are they starting now. Also what is Google"s plan for this browser?  I really like potential for spyware protection and security but what else?



I have to admit after being out just 100 days of development and achieving 10 million active users around the globe, Google deserved to remove the “Beta” label from their software. I think we are just owed a bit of an explanation. I am sure that is what Mozilla Firefox is lookin for. If i was them I would be shaking right about now. The Chrome user base is probably made up of almost all Firefox users.



Some of the upcoming features that Gogole is working on includes RSS support, form auto-fill, extensions, bug fixes, security patches, etc. The adoption of the extension system by developers could also play a major role in eroding even more marketshare from Firefox. Lets see where Google goes now that Chrome is out of beta.

Read More

How to Use and Turn on GMail to send free SMS

Google is giving the whole SMS through Gmail thing a second try. The  Gmail Labs feature that lets people send text messages to people's mobile phones was originally taken off of line because Google was not able to figure out some of the issues with the SMS gateway they were using.  "A few weeks back, we ran into a few snags when we first started rolling this out, but starting today you can turn on text messaging for chat," said Leo Dirac, a Google product manager, in a blog post Wednesday.

Right now Google has decided to only treat the US crowd with the ability to send sms messages from inside of GMail,  But I think that is just do to the logistics and trying to control the amount of load that the service will be generating.  Google will not want to pull the service for a second time since people will most likely become frustrated with the service and adoption will be impeded.

Just like all features that Google enables.  They first must be enabled by going into the settings of your of your Gmail account.

Ok so the first thing that you have to do is enable the "Text Messaging in Chat" option inside of your Gmail account.  Login to your Gmail account and then in the upper right hand corner click on the link that says "Settings".  Now this will open up the settings tab for your account. Now click on the tab that says "Labs" which is right next to "Themes" and "Web Clips" in your Gmail account.  Inside of the Labs section you are going to see a number of features that Google is releasing but I guess they don't feel is ready for primetime. Here is where you can enable the "Text Messaging in Chat Feature" Now this feature will be enabled on the left hand side inside of the window that you normally use when chatting.  Pretty simple.  Now you can send chat messages to your friends phones and they will be automatically converted to SMS messages.  When they respond they show up inside your chat window.  Same as any othe Google chat user.

Now your friends arent going to see your name inside of the message.  Instead they are going to see a "406" area code number.  This is a unique ID .  So they can add it to there phone and text back to you whenever they want.  Its is a great setup.

Read More

Sapyto v0.98 Released - SAP Penetration Testing Framework Tool

sapyto is the first SAP Penetration Testing Framework, sapyto provides support to information security professionals in SAP platform discovery, investigation and exploitation activities.

sapyto is periodically updated with the outcome of the deep research on the various security aspects in SAP systems.



Although sapyto is a versatile and powerful tool, it is of major importance for it to be used by consultants who are highly skilled and specialized in its usage, preventing any interference with your organization’s usual SAP operation.

New in This Version

This version is mainly a complete re-design of sapyto’s core and architecture to support future releases. Some of the new features now available are:

• Target configuration is now based on “connectors”, which represent different ways to communicate with SAP services and components. This makes the
  
  framework extensible to handle new types of connections to SAP platforms.


• Plugins are now divided in three categories: Discovery, Audit & Exploit.


• Exploit plugins now generate shells and/or sapytoAgent objects.


• New plugins!: User account bruteforcing, client enumeration, SAProuter assessment, and more…


• Plugin-developer interface drastically simplified and improved.


• New command switches to allow the configuration of targets/scripts/output independently.


• Installation process and general documentation improved.

You can download sapyto v0.98 here (you may have to fill in a form):

sapyto Public Edition (v0.98)

Read More

World First Wireless USB Hub

Finally Ratoc Systems Int. which is based in Japan released the first wireless USB hub. Named REX-WUSB1 and the price of this device is 345$

The kit contains a  wireless card put into the PC card slot and a hub that can also be plugged into the computer for non wireless use. The hub has three USB ports, But you can this wireless usb hub with only and Win XP and Win Vista.

It transfer Data with amazing speed that is near about 480Mbps for the USB 2.0 and wireless speed is also about 400-450 It will be helpful when you don’t have to move around three hard drives just to be able to plug them into a USB hub

Read More

Firefox issues eight patches for Web browser

Mozilla has issued eight patches for its Firefox Web browser, three of which fix problems classified as critical.

The patches come after security experts have recommended using a browser other than Microsoft's Internet Explorer 7 and older versions of IE due to a dangerous vulnerability. Microsoft is due to release an emergency patch for that problem Wednesday.

HP Polyserve software for SQL Server: Download now

Two of the critical Firefox problems could allow an attacker execute a cross-site scripting attack, in which scripts or commands from one Web application that shouldn't run in another are successfully executed. The third problem relates to Firefox's browser engine, and could make it crash or possibly allow someone to remotely execute code on a PC, Mozilla said in its advisory.

Mozilla defines a critical vulnerability as one that could allow an attacker to run code on a machine in the course of normal Web browsing.



The patches are for Firefox version numbers 3.04 and 2.0.0.18. Mozilla has said this round of patches will be the last for Firefox 2, which it will now stop supporting. The update also removes the phishing filter in Firefox 2 because the browser uses an outdated version of a protocol used to import a blocklist of phishing sites supplied by Google. Firefox 2 users are being promoted to upgrade to Firefox 3.

Firefox's auto-update mechanism should automatically download these latest patches, and users will be prompted to restart the browser to complete the process.

Read More

How to Delete Files Permanently from the Computer

When you delete a file from your computer, it moves to the Windows Recycle Bin. You empty the Recycle Bin and so many might think that the file is permanently erased from the hard drive.



 but its worng! When you delete files or folders, the data is not initially removed from the hard disk. Instead, the space on the disk that was occupied by the deleted data is "deallocated." After it is deallocated, the space is available for use when new data is written to the disk. Until the space is overwritten, it is possible to recover the deleted data by using a data-recovery software.



To permanently erase files and prevent your confidential files from getting into wrong hands, Microsoft offers a free command line utility - SDelete (Secure Delete) - that overwrites all the free space to prevent data recovery.

You can use SDelete both to securely delete existing files , as well as to securely erase any file data that exists in the unallocated portions of a disk (including files that you have already deleted or encrypted)



Download SDelete  

Read More

Hoax Google Orkut message links to spread malicious Trojan

Google's social-networking Web site Orkut has been used to spread a malicious Trojan, says Websense.

Nucleus Report: Who's ready for SMB? - read this white paper.

According to an alert from the security firm, the hoax message, which has been received by a number of Orkut users and is written in Portuguese, looks like it comes from a lonely Orkut member looking for love and features a number of links that appear to point back to the social-networking site. 

However, Websense urges Orkut users not to click the links as they result in the Trojan imagem.exe being downloaded. This subsequently opens the Orkut login page while a password-stealing Trojan called msn.exe is downloaded in the background.

Read More

Useful Secrets for Social Networking Sites

Social networking websites like Orkut, Myspace, Yahoo and more are channels through which people communicate, find lost friends, tap resources, and even find work.

Online it is said to be the most vibrant and action packed space.

Online communities provide information, spur creativity, channel new designs in technology, and bring like-minded people closer to one another. From the PC or laptop a person can connect and communicate with the whole world. There are over 400 plus social networking sites online facilitating business and social networking. The online community can congregate each day 24/7 according to specific needs or interests; music, sports, gaming, trekking, every human interest or activity has spurred its own unique social networking website or channel. It is not city specific but global.

1. Join a social networking site that signifies you. Do an online search and go through the directories on social networking to identify what interests you the most.

2. Never sign up or join on an impulse take the time to read about the website and browse through many similar sites until you find one that suits your needs. Read and understand the rules and privacy statements.

3. Once you have found a social networking website that is “you” go ahead and register. When choosing a user name think of its use if you are registering for business purposes the name should trigger off recall. So curb the flights of fantasy and use a name that is practical and will showcase you to the world.

4. Choose the level of membership. Basic memberships are usually free but paid ones have more features. Begin with a free membership and then upgrade once you are comfortable.

5. Fill the user profile with care and think of how your profile will be distinctive from others. In networking unless your profile stands out you will be one among an ocean of profiles. To draw benefits from the site you need to create a clear profile and maximize it by innovating on the layout.

6. Browse the World Wide Web for templates that are compatible with the social networking site you are registered on. Many templates are free while others are paid. Check before you select one.

7. Try and customize the layout. This will make your profile distinctive and unique. Add style, color, and panache by including clips, photos and more.

8. While customizing the layout think about the purpose of your profile. If its business then try and keep it dignified unless you are in a “hep” line of business like ornaments, cards, or music. Use fonts, colors, and graphics to add style.

9. Ensure that your profile has cohesiveness and actually represents you in every way. What drives traffic on social networking sites is a profile that grabs attention.

10. Network online successfully but pay attention to security and privacy too! Read up on how to protect yourself and ensure that social networking does not put you or your family in any dangers. While there are many positive aspects to social networking there are negatives too.

Read More

How To Backup Ps1/PS2 Games

Okay, these are some methods to backup PS2 titles and Xbox titles, in order to play a backup you need a modchip of some sort, I have also included a tutorial on boot methods. Follow any one of these instructions to fit your needs. You can tell what format the PS2 title is by looking at the written side of the disc, DVD's are Silver and CD's are Purple. The DVD backup methods here consist of reading the image to the hard drive then burning it to the media for an easier backup, this depends on your hardware and its setup. I say that because the proper setup would be to have the Reader and Writer on separate IDE cables. This allows no cross information when doing Disc to Disc/On the fly copying. But, since most people would not know how to check or fix this, I suggest reading the image to your Hard Drive and then burning from there. *A little useful trick*, If the DVD backup "image" is small enough in size you can fit it onto a CD-R (80 minute or larger if need be) instead of using a more expensive DVD-R. I have done this succesfully using Prassi and the first tutorial for it below. In addition a DVD Movie backup will play on a PS2/Xbox without a chip. As I get more info I will update.

PS1/PS2 CD backup tutorial

Using CloneCD (v4.x.xx) for PS1/PS2

• Start CloneCD


• Select "Copy CD"


• Select your Reader, press Next


• Select "Game CD", press Next


• Select/Deselect your options here (on the fly, cue or delete) then press Next


• Select your Writer, press Next


• Select your burn speed and "Game CD"


• Press "OK" to begin

Using Alcohol 120% for PS1/PS2

• Start Alcohol 120%


• Select Copy Wizard


• Select your Reader & Read Speed


• Select or Deselect Copy current disc on the fly


• For Datatype select which console PS1 or PS2, press Next


• Select your Image location and Name for it, press Next


• Select you Writer, Write Speed and anything else you feel you might need


• Make sure the Datatype selected is the same you chose above


• Press Start to begin

PS2 DVD backup tutorials (Using Prassi Primo )

• Start Primo


• Select "go to full application"


• Right Click the drive that has your original in it


• Select "build global image" and choose a path for the image (preferably on an NTFS opsys)


• After the image is extracted go to next step


• Choose the 3rd disc icon from the left *or* click file, new job, Global/Other Image


• Then just burn the .gi (global image) of the game

This next way has one less step which saves some time because once you press record it does everything by itself (if you have a DVD reader and DVD Writer)

• Start Primo


• Use the "PrimoDVD Starter" (it's easier, and less confusing)


• Choose "disc copy"


• Select your Reader and Also your Writer


• Select "make a temp image on HD..."


• Select your burn speed and then record to begin

Using Nero

• Start Nero, Use the Wizard (for easy use)


• Select "DVD" then select Next


• Select "Copy a DVD" then select Next


• Select your source drive


• Check OFF "copy on the fly" then select next


• Select your write speed


• Select either "Test", "Test and Burn" or "Burn"


• Press "Burn" to begin

This next way is without the Wizard

• Start Nero, and select "File" then "New..."


• On upper left side of the window from the drop down menu select "DVD"


• Select "DVD Copy" Icon


• Select "Copy options" tab


• Check OFF "copy on the fly"


• Select source drive and read speed


• If needed Select "Image" tab to choose image directory and select/deselect "delete image..."


• Select "Burn" tab and choose your settings


• Press "Copy" to begin

Using Alcohol 120%

• Start Alcohol 120%


• Select Copy Wizard


• Select your Reader


• For Separate Image file every:choose Never Separate


• Select or Deselect Copy current disc on the fly, press Next


• Select your Image location and Name for it, press Next


• Select you Writer, Write Speed and anything else you feel you might need


• Select or Deselect Delete image file after recording


• Press Start to begin

XBOX backup tutorials

Xbox original games are burned from the outside in. The only way to backup a title is to have a modchip like X-exuter (best), Enigma, or Xodus/Matrix. You also have to flash the bios and have a CD program inserted or installed into the X-Box named EVO-X (this allows you to assign the X-Box an IP address). The game has to be stored on the X-Box's HD, this allows you to file transfer the title to your PC using an ftp program like FlaxhFXP (best) or similar. From there you use a burning application to make the backup. Some applications allows you to "drag & drop" right from the Xbox or you can build an ISO of the image then burn to CD-R/W or DVD-R/W backup. (I will update this to show steps as soon as I have a minute)

Modded PS2 with or without Action Replay/GameShark CD & DVD backup booting methods.

PS2 with NeoKey/Sbox & AR/GS, PS1 CD backup booting

• Turn on PS2 and NeoKey/Sbox


• Press Eject


• Insert PS1 CD backup


• Press reset


• PS2 tray will close


• PS1 CD backup will now boot

PS2 with NeoKey/Sbox & AR/GS, PS2 CD backup booting

• Have AR/GS dongle in a memory card slot


• Power on your PS2


• Insert AR/GS disc


• At the AR/GS menu, select Start Game, With/Without codes


• Eject and swap to your PS2 CD backup and press X.


• Screen will change and game will now boot

Note - Neokey will not play DVD-R!

Note - Old versions of AR2/GS2 you might need to press R1+O instead of X to boot games

PS2 with Neo 2.2, PS1 CD backup booting

• Turn on PS2


• Press Eject


• Insert PS1 CD backup


• Press reset


• PS2 tray will close


• PS1 CD backup will now boot

PS2 with Neo 2.2 & AR/GS, PS2 CD backup booting

• Have AR/GS dongle in a memory card slot


• Power on your PS2


• Insert AR/GS disc


• At the AR/GS menu, select Start Game, With/Without codes


• Eject and swap to your PS2 CD backup and press X.


• Screen will change and game will now boot

PS2 with Neo 2.2 & AR/GS, PS2 DVD backup booting

• 1. Have AR/GS dongle in a memory card slot


• 2. Power on your PS2


• 3. Insert AR/GS disc, close tray


• 4. Power off your PS2, wait a few seconds


• 5. Press and Hold Reset button to load AR/GS


• 6. At the AR2/GS2 menu, press EJECT while still holding Reset


• 7. Swap AR/GS disc for an Original-TOC-DVD* and wait 10 seconds


• 8. Select "AR/GS Codes"


• 9. Highlight "Add new code" and press X to get to the next screen


• 10. Press X three times. You will see "Updating code list please wait" each time)


• 11. Press "Start" on controller


• 12. Select "Without codes", press X


• 13. Then Press X again, and immediately release the Reset button, you will see "Updating code list please wait"


• 14. The PS2 tray will eject allowing you to swap Original-TOC-DVD* for DVD backup and then close on it?s own


• 15. Screen will change and game will now boot

Note - "Original-TOC-DVD" is an original DVD that is a larger file size than the backup

PS2 with Messiah

• PSX Backups will boot directly.


• PS2 CD-R Backups will boot directly.


• PS2 Unpatched EA backups will boot directly.


• PS2 DVD-R Backups will boot directly.

PS2 with Magic 2, 3 or 3.5

• PSX Backups will boot directly.


• PS2 CD-R Backups will boot directly.


• PS2 Unpatched EA backups will boot directly.


• PS2 DVD-R Backups will boot directly.

Ps2 with Apple Mod

• PSX Backups will boot directly.


• PS2 CD-R Backups will boot directly.


• PS2 Unpatched EA backups will boot directly.


• PS2 DVD-R Backups will boot directly.

Downloads / Software you need

• Alcohol 120%


• Nero


• Prassi

Get the hardware from the nearest radioshack :)

Read More

Microsoft Warns of Serious MS-SQL 2000 & 2005 Vulnerability

Another big flaw has been discovered in Microsoft software just a few days after they broke their patch cycle to issue a patch for the IE bug that allowed remote code execution.

This time however it doesn’t really effect home users or the general consumer, it’s a more specific server side vulnerability affecting Microsoft SQL Server 2000 and 2005 versions. It seems pretty serious though as it also appears that this vulnerability if exploited properly could lead to remote code execution.

Just days after patching a critical flaw in its Internet Explorer browser, Microsoft is now warning users of a serious bug in its SQL Server database software. Microsoft issued a security advisory late Monday, saying that the bug could be exploited to run unauthorized software on systems running versions of Microsoft SQL Server 2000 and SQL Server 2005.

Attack code that exploits the bug has been published, but Microsoft said that it has not yet seen this code used in online attacks. Database servers could be attacked using this flaw if the criminals somehow found a way to log onto the system, and Web applications that suffered from relatively common SQL injection bugs could be used as stepping stones to attack the back-end database, Microsoft said.

Desktop users running the Microsoft SQL Server 2000 Desktop Engine or SQL Server 2005 Express could be at risk in some circumstances, Microsoft said.

Again I wonder how far behind the curve Microsoft is with this? Usually these kind of bugs have been discovered by the more malicious parties way before Microsoft has any idea that their software is vulnerable.

It claims that the code hasn’t been used in online attacks, but honestly if it was used well by a smart party who would even know? SQL injection could lead to this attack being executed and the code is published online so I find it unlikely that it hasn’t been used.

The bug lies in a stored procedure called “sp_replwritetovarbin,” which is used by Microsoft’s software when it replicates database transactions. It was publicly disclosed on December 9 by SEC Consult Vulnerability Lab, which said it had notified Microsoft of the issue in April.

“Systems with Microsoft SQL Server 7.0 Service Pack 4, Microsoft SQL Server 2005 Service Pack 3, and Microsoft SQL Server 2008 are not affected by this issue,” Microsoft said in its advisory.

This is the third serious bug in Microsoft’s software to be disclosed in the past month, but it is unlikely to be used in widespread attacks, according to Marc Maiffret, director of professional services, with The DigiTrust Group, a security consulting firm. “It is rather low risk given other vulnerabilities that exist,” he said via instant message. “There are a lot of better ways to currently compromise windows systems.”

The bug was discovered by someone in April this year, so that’s at least 7 months someone has known about it..but only know when the vendor discloses it then Microsoft chooses to say something about it.

It is a fairly low risk vulnerability due to the requirements needed to execute it effectively, but still it’s another chink in the Microsoft armour to add to the (long long) list.

Source: Network World

Read More

Disable Block Invisible Status Checker

If you ask me what should you do if you want you never got check it by invisible checker, then I will answer in 1 years ago there no way you can avoid being checked it by invisible checker. But now, I believe, I found a new ways to protect our self from being checked it by such invisible status detector. Yes, We can block invisible status checker by using Yahoo Messenger Alias ID.



We knew that Alias ID (not main ID) can be set to active and inactive. When Alias ID inactive it would like Dead ID and the invisible checker would mark it as offline ID. So just use Alias ID as your main chat ID, and then feel free to inactive or activate it.



Instead of invisible using invisible status, inactive ID would make better protection for us. Including for boot attack and invisible checker.



How to use Alias aka Secondary Public ID as your main Chat ID and protect block Invisible Status Detector you can read it here.

Read More

EPassports - Make Terrorist Dreams Come True

 many governments who are very keen of introducing new electronic means of identification have virtually no idea of what they are actually introducing? They claim it will make identification easier, securer and thwart document forgery.

The latest “proof” is a video by dutch security researcher Elvis Aaron Presley, sorry Jeroen van Beek, who managed to create a blank working document that was accepted at Amsterdam airport in September 2008.

The essence of the test was to show that ePassports can be easily forged. This essentially means that anyone with the technical knowledge can alter the picture, name, nationality, DOB and other credentials with ease.

If you need proof that Elvis is still alive then the following video might convince you.. I mean, it is an ePassport, a secure and reliable passport. Ain’t it?

Check out the thc epassport page for all the information about the current insecurities.

Read More

Morris Worm To Turn 20

Robert Tappan Morris is a character of Internet lore, anyone who has studied Computer Science, Software Engineering or Computer Security will have heard of this guy.

He’s pretty much the fellow that made the Internet famous (for all the wrong reasons) and the first creator of a bit of self-replicating network based malware (now known as a worm) that did some serious damage. The worm is called the Morris Worm after it’s creator and this Sunday will be it’s 20 year anniversary.



It’s an interesting story to read if you are familiar with it and probably even more interesting if you’re not, so do check out the Wiki pages on the history of the situation.

There have been very few worms that have caused such widespread infection and failures. Blaster was quite memory and on the virus front I remember CIH was terrible.

Source: Network World

Read More

Nigeria needs more workers for Internet security

Nigeria needs about 6,000 qualified Licensed Penetration Testers (LPTs) to manage its Internet security issues optimally, according to Sanjay Bavisi, president of the EC-Council University.

Speaking at the IT Job Fair 2008 organized by Lagos IT training institute New Horizons, Bavisi lamented the fact that Nigeria has only one LPT as of now, despite the country's large population and its attendant Internet security matters.

Read the latest WhitePaper - Protecting Data on Laptops: Why Encryption Isn't Enough

Moved by this situation and the estimated 20,000 job fair participants, Bavisi offered scholarships worth US$44,000 to outstanding students. The offer attracted a rush among youth attendees, who would be required to pass a pre-registration test and meet basic requirements as conditions of the scholarship.

LPTs are licensed to use "LPT Audited" logos in their projects and, in some cases, are referred to as "ethical hackers."



As corporate organizations search for individuals who can analyze vulnerabilities of the network and be trusted not to disclose those vulnerabilities to competitors, penetration testers are in high demand, Bavisi said.

"Licensed Penetration Testers are preferred over non-licensed ones by companies for recruitments and assignments," he added.

EC-Council University is an information security training institute with branches in more than 60 countries.

Read More

Google’s Orkut Hit by Data Stealing Worm

So just a few days about there was a new MSN Worm - BlackAngel.B, before that the Yahoo! e-mail worm, long before that of course the MySpace worm and a few others not notable enough to mention.

And of course plenty of nasty Trojans.

A new Internet worm capable of stealing bank details and other personal data from users is circulating via Orkut, Google Inc.’s social networking service, a computer security company warned on Monday.

Instant-messaging service provider FaceTime Communications said its software security lab had detected the spread of the electronic virus, the third such threat to disseminate itself via messages posted on Orkut users personal Web pages.

Google’s service, while available globally, is wildly popular among Brazilians which make up the bulk of its users.

The malicious program, dubbed by FaceTime as “MW.Orc,” works its way onto users’ personal computers when they click on infected links on Orkut scrapbook pages. The link is followed by a message in Portuguese that entices the user to click.

It seems this is not the first time Orkut has been hit, this one however goes after personal details of a more valuable nature.

Once the link is activated, a file is uploaded to the PC, according to a description of how the worm works contained in a statement by the Foster City, California-based company.

When infected Orkut users using Microsoft Corp.’s widely used Windows XP operating system to find personal files on their PCs through their “My Computer” icon, that triggers an e-mail back to the creator of MW.Orc creator filled with personal information stored on the PC, FaceTime said.

The earlier attempt seemed to be more of a phishing affair.

The new threat to Orkut follows an earlier worm, Banker-BWD, which was uncovered by Sophos, an anti-virus company.

That malicious software also disseminated itself through Orkut’s scrapbook pages, but automatically transferred the victims to fake Web pages of banks in order to entice the users to enter personal data that can then be stolen by the hackers.

Source:Darknet

Read More

Google Announces limited API support for OpenID 2.0

Google announced it’s support for OpenID 2.0 protocol. So now with your existing Google account you can login and use other sites. I think this move was made after Microsoft announcing that they will give an OpenID for all its Windows Live users. This new log-in offering is not available to all site owners. But you can apply for it using the sign-up form. Zoho, Plaxo and Buxfer are the launch partners for this new API.

Google’s OpenID implementation doesn’t directly give your OpenID identifier to other sites, instead it acts as a middleman, authorizing you through it before it hands it over. Now a wide range of largest web service providers like Google, Yahoo, Microsoft, MySpace etc are using OpenID.

Google had announced that it is planning to combine the OAuth and OpenID protocol so that a service can not only request a user’s identity through OpenID, but also “request access to information available via OAuth-enabled APIs such as Google Data APIs as well as standard data formats such as Portable Contacts and OpenSocial REST APIs.”

Read More

Google Funded Satellites to provide High Speed Internet by 2010

Now Google is on a new mission to provide high speed internet access to all even those who are not connected till now in the world. In venture with HSBC and Liberty Global it has come up with a startup named O3b networks which clearly means for Other 3 billion people who still can’t have proper access to the Internet. This will be accomplished with an equipment of 16 satellites which are of low cost in order to provide access that can be afforded mainly for the growing markets and upcoming parts of the world like Africa, Middle East, Asia and Latin America. It will be made available to use by 2010 with service being provided and is a good substitute for global networks which used fiber networks even in case of developed nations.

There will direct connectivity to WiMax 3G supportive devices and towers for areas with no option now. There will be access to Telecom carriers and service providers of respective regions directly and even to the Internet service providers, enabling them to provide broadband based services to all of them.Speed will definitely be relatively close to that of the America and with much better cost effective way for the growing markets. The motive for this mission was idea from a similar kind of Mission accomplished in some part of Africa. The system will support all future expansions and is by one of those who were responsible for introduction of 3G fiber networks in Africa and a member of O3b. All backward areas were kept in mind by Google for this project and will be globally beneficial in all the ways.



This development is interesting and will make many political conversations and collaborations easier where no proper person to person communication exists mainly in case of borders. There are some critical issues needs to be addressed and even its impact. One such is government interventions, regulations, classes and accessibility. 03b is anyhow positive about this mission since it eliminates the distance between people which used to be in the past and often read in the books.

Read More

Send Pictures Easily Using Your Gmail account With iPhoto2Gmail

iPhoto2Gmail is an iPhoto plug-in that will help you to easily send Images using your Gmail account. This plugin works with iPhoto 5, 6, 7 and 08. You dont even need to Install or configure an email application. You can send your original Images or you can also resize the pictures and send them as JPEG’s. This will help you to save your time. iPhoto2Gmail integrates Gmail Contacts. So you can easily select your desired contacts and send them your Images.

The latest version retrieves the contacts using Google’s GData framework. Now you can also cancel in-progress email sending. It works with Mac OS X 10.4 or later.

Download iPhoto2Gmail

Read More

Measure the Number of Page Views on any Site

Statbrain is a online web stats tools that helps you guess the number of page views on any site using a combination of Alexa rank, backlink counts from Google, Yahoo and some other unknown factors.





Don’t expect it to be too accurate, but if you want a very rough estimate for any site, this could be useful.

This could be very handy for advertisers or people who are interested in measuring rough traffic on a competitor’s website.

You may also want to checkout Google Trends as they are pretty accurate.

StatBrain gives an estimate about number of visits and not unique visitors or page views. If that sounds confusing, let me explain:

Read More

Recover GMail, AOL, Yahoo or Windows Live Passwords

MessenPass is a free password cracking tool that will easily reveal passwords of your AOL, Yahoo! Messenger, Google Talk, MSN or any other instant messenger clients.



Since most messengers (like Google Talk or Yahoo! Messenger) require the same username / password combination to login as the mail account, MessenPass can effectively be used to recover your (or someone else's) Google Account, AOL or Yahoo! Mail password.



And it works like a charm. [I was absolutely shocked to see my GMail password on the screen the moment I ran this 47 kb utility]



MessenPass works only if you have selected the "Remember Password" setting while logging into your messenger program. It detects the Instant Messenger applications installed on your computer, decrypts the passwords they store, and displays all user name/password pairs in a text or Excel file.



This may be a useful but quite dangerous tool as well - it's so small that it can run off your USB drive and requires no installation - imagine while you are on a trip to the pantry for a cup of coffee and anyone can access your login credentials by plugging in the USB drive.



The only workaround is to deselect the "Remember password" while starting your IM client. MessenPass doesn't crack Skype or Hotmail passwords yet.



Download MessenPass [IM Password Recovery Software]

Read More

New Gmail SMS feature delayed for two weeks

An exciting feature for Gmail was announced today, but it turned out to be a false alarm for now. Google announced they will be adding SMS capability to Gmail so you can text people from right from there. Additionally, getting a response from the person is just as simple.

When a someone receives a text message from you (that you sent from Gmail), replies are simply delivered to your Gmail account — this makes it very easy to communicate with people that are offline, but through a familiar interface.

How does this work? Well, when you send a message to someone, it will be sent from one of 1000 phone numbers Google has reserved for this purpose. Gmail will then reserve that phone number for you to communicate with that single person. Each person you contact will be assigned a different phone number from the pool. This works because any one person will probably never need to contact 1000 different people like this.

Once it’s officially launched, the SMS feature will be available in Gmail labs — just like most of the new features they have added recently — including adding your Google calendar to your Gmail account. Just click on the labs icon beside the “settings” link, and go from there.

Read More

23 hidden windows apps

To run any of these apps go to Start > Run and type the executable name:



1) Character Map = charmap.exe (very useful for finding unusual characters)



2) Disk Cleanup = cleanmgr.exe



3) Clipboard Viewer = clipbrd.exe (views contents of Windows clipboard)



4) Dr Watson = drwtsn32.exe (Troubleshooting tool)



5) DirectX diagnosis = dxdiag.exe (Diagnose & test DirectX, video & sound cards)



6) Private character editor = eudcedit.exe (allows creation or modification of characters)



7) IExpress Wizard = iexpress.exe (Create self-extracting / self-installing package)



8 Mcft Synchronization Manager = mobsync.exe (appears to allow synchronization of files on the network for when working offline. Apparently undocumented).



9) Windows Media Player 5.1 = mplay32.exe (Retro version of Media Player, very basic).



10) ODBC Data Source Administrator = odbcad32.exe (something to do with databases)



11) Object Packager = packager.exe (to do with packaging objects for insertion in files, appears to have comprehensive help files).



12) System Monitor = perfmon.exe (very useful, highly configurable tool, tells you everything you ever wanted to know about any aspect of PC performance, for uber-geeks only )



13) Program Manager = progman.exe (Legacy Windows 3.x desktop shell).



14) Remote Access phone book = rasphone.exe (documentation is virtually non-existant).



15) Registry Editor = regedt32.exe [also regedit.exe] (for hacking the Windows Registry).



16) Network shared folder wizard = shrpubw.exe (creates shared folders on network).



17) File siganture verification tool = sigverif.exe



18 Volume Contro = sndvol32.exe (I've included this for those people that lose it from the System Notification area).



19) System Configuration Editor = sysedit.exe (modify System.ini & Win.ini just like in Win98! ).



20) Syskey = syskey.exe (Secures XP Account database - use with care, it's virtually undocumented but it appears to encrypt all passwords, I'm not sure of the full implications).



21) Mcft Telnet Client = telnet.exe



22) Driver Verifier Manager = verifier.exe (seems to be a utility for monitoring the actions of drivers, might be useful for people having driver problems. Undocumented).



23) Windows for Workgroups Chat = winchat.exe (appears to be an old NT utility to allow chat sessions over a LAN, help files available).



Note:- Some of them might not run in Windows XP Home edition

Read More

Send SMS Text Messages from your GMail Account

now send SMS text messages to anyone in your Gmail address book right from the Gmail website.

Go to your Gmail Labs settings and enable the "Text Messaging (SMS) in Chat" feature. The facility is currently available only for US phone numbers.



You can send (and receive) text messages via the embedded chat in Gmail website but not from the standalone Google Talk client. Yahoo! Mail, Windows Live Messenger and AOL AIM service have had the SMS messaging feature for quite some time now

Read More

Best Offline Apps For Your iPhone/iPod Touch

Evernote

The newest version of the popular Evernote note-taking app introduced one of the most requested features: offline notes. Through a new button called "favorites," you can mark notes for offline access. If you have Evernote on your iPhone already (who doesn't?), then check the app store for updates because this one is a must-have. Evernote newbies can just download the app now.

Stanza

The Stanza ebook reader lets you port reading material from your computer to your iPhone wirelessly so you can take your books with you when you're out and about. Once loading up with books, you can read them anytime, whether or not you have an internet connection. Download Stanza here. (Another option is Readdle, or check out our previous article for even more ebook readers.)

Instapaper

The Instapaper bookmarking tool for iPhone lets you bookmark web pages for offline reading. As any iPod Touch user knows, mobile Safari's tendency to auto-refresh pages means you can't open up web pages and save them for later reading offline. You could also choose to buy the Pro version for $9.99 which uncaps that limit while also adding other features like tilt scrolling and an adjustable text size. Download here.

Encyclopedia

The Encyclopedia app from Steam Heavy Industries delivers a complete copy of Wikipedia to your iPhone/iPod Touch for offline access. By complete they mean the complete article text, but not references, image descriptions, user profiles, etc. Being warned, though, this app needs quite a bit of storage space: 2 GB. Download here.

NYTimes

The NYTimes iPhone app lets you read the news from the New York Times right on your iPhone. You can navigate through the stories quickly, select up to four favorite sections for one-touch access, choose to browse by photos which link to the stories upon touch, and, of course, read the news offline.

MiGhtyDocs

The MiGhtyDocs iPhone application takes your Google documents offline for access anywhere. You can't edit them and save your changes, but at least you can get to them. Currently, only text documents and spreadsheets are supported. No word on slideshows yet.

An RSS Reader

There are actually quite a few RSS readers available from the iTunes App store, many which sync with your Google Reader for offline access. However, this author's personal favorite is Byline, a $2.99 app which offers a 2-way sync with Google Reader. You can even star, share, add notes, and email your RSS feeds, just like in Google Reader itself. To really juice it up with tons of feeds for an extended period of offline time, go into your Settings app and configure it to archive 200 items instead of its default limit.

Read More

Check Out Remember The Milk Gmail Gadget

When Google Labs launched its Gmail gadgets for Google Calendar and Docs last week, there was actually a third gadget that they included in the release. But we didn't cover that gadget because it was a little too cryptic to explain without an example of how it might work.

Luckily for us, Remember The Milk was hard at work creating a gadget that would help us do exactly that. Now we can finally explain the third Labs Gmail gadget and check that task off our list - from within Gmail. All thanks to RTM.

What RTM offers - in gadget form - is the to-do list that Gmail users have been asking Google to build, and RTM does an admirable job of satisfying those requests.

Using the new gadget, Remember The Milk users get task and to-do functionality in the Gmail sidebar, allowing them to review, add, edit, and manage tasks, without ever leaving the comfort of the Gmail interface.

So how does the functionality of RTM get into the Gmail sidebar? Via a Labs gadget called "Add any gadget by URL." True to its name, the gadget allows users to add third-party gadgets to the Gmail interface by referencing a URL. But what exactly does that mean? Would RSS work? Would any URL turn that content into a gadget? Not exactly.

According to the Gmail blog that means:

There's a third Lab that allows you to add any gadget by pasting in the URL of its XML spec file (e.g. http://www.google.com/ig/modules/youtube_videos.xml). We realize this isn't very user friendly right now; it's a sandbox mainly aimed at developers who want to play around with gadgets in Gmail.

Now you see why we were waiting for an example.

Using the RTM gadget? Simple. Adding it? Not so much. But we'll walk you through it. To get the RTM gadget installed, head over to Labs, activate the "Add any gadget by URL" gadget, grab the RTM gadget XML spec file URL, go back to the Gmail gadgets tab to paste in the URL, and then return to your Gmail inbox to find Remember The Milk in the sidebar.

By Google's own admission, not intuitive. But let's step back a second. There's something much bigger happening here.

RTM Demonstrates the Openness of the Gmail Platform

With the advent of the add-by-URL gadget, the Gmail format has now become wide open to outside developers. No app store. No gating mechanism. No browser-based scripts. Simply direct access to the Gmail sidebar, allowing developers to add any gadget that they can concoct.

That's pretty big news.

Why? Because now when you wish you had something else in the Gmail sidebar - like a to-do list for instance - you don't have to wait for Google anymore. You can build it. Or you can get a developer to build it for you. And you can share it with others.

What's more, it doesn't have to be free. It could be a for-pay gadget. At least that's how the Remember The Milk model works. While RTM offers a free version, they will likely attract new users who will take the opportunity to upgrade to a Pro account for $25 a year.

A must-have gadget for an open platform that continues to grow in popularity - and a revenue stream? RTM may have to add the development of a few more thoughtful gadgets to their list of things to do.

What's the next third-party gadget to take advantage of this new functionality? That's anyone's guess. But it will be really interesting to see how creative developers leverage this new Labs gadget and the access it provides.

Read More

Top Firefox Add-ons

Are you a Firefox user? If so, this feature is especially for you. There are plenty who still use IE, but the popularity of Firefox is rising, with more and more users getting hooked to it. I like Firefox mainly for the add-on plugins, which are easily available on the official website. You will find scores of them, but I shall list the five I find most interesting. There are so many options that no two persons will have the same list. So if you have anything to add, or if you disagree with me, do leave a comment. It will provide readers with more options.



Stumble Upon

This is simply the best add-on any Web browser could use. It appeals mainly to those who love to go through anything interesting on the World Wide Web. The way it works is very simple: after installing it you will see an icon on the top left of your browser. Every time you have the time, just click it and it will take you to any of the sites that other stumble users have tagged as "I Like".

It could be anything; an interesting Flickr account, or an obscure site with 3D fractal generators. If you like what you are reading, you can even write a review. It's all available to you at a click of a button.

That's not all. Interestingly, the site maintains a tab of what you like and what you have shrugged off as boring, and will regularly display content that matches your tastes. In fact, if you discover a website that you like, you can add it to the list for others to see as well.

You can get the plugin here.



Me.dium

Me.dium comes in handy when you make travel/movie plans with friends. How? "Be social when you surf the Web" is what the guys who made Me.dium tell you. Simply put, this plugin allows you to chat and surf the same web page (with your friends) at the same time.

To do this, everybody in your social circle will need to install this plugin, and add each other as friends. You will see your friends on your Me.dium network  list (on the left of the browser). Below each name will be a link to what they are surfing presently. This especially comes in useful when everyone is researching the same topic.

Don't worry; it won't take your friends to your Gmail account if that's what's bothering you. One thing to remember is that by installing this plugin you are allowing Me.dium to gain access to your surfing history. It works across Facebook, YouTube, StumbleUpon, MySpace, Flickr, Digg, Yahoo, and Google.

Get the plugin here.

Better Gmail 2

Ever since it launched (and even before it actually did), Gmail's gained prominence. I don't know anyone who isn't on it. So it makes sense to talk about a plugin that improves the way you use Gmail.

Better Gmail 2 does exactly what the name suggests. Apart from being able to change the skin at the click of a button, you get many other options. Firstly, every mail with attachments will have the respective display icons in the inbox, so you'll know whether it's (say) a word file or a PDF.

One important tweak this plugin offers is that every mailto: link you click will in turn be diverted to your Gmail account, rather than the erstwhile .Outlook express You can also learn additional keyboard shortcuts. That's brilliant, I think.

You can get the plugin here.



DownThemAll

I use this so often that I don't know what I'd do without it. On the face of it, DownThemAll is promoted as a download accelerator that's capable of increasing speeds by 400 percent. It gives you 'pause' and 'resume' options, and the best part is it allows you to download all the links or images on a web page by clicking a single button.

After installing, if you right-click on any page (say, Flickr) and click on DownThemAll, it will show a window with all the available pictures and download links. You can select what you like and start downloading. With this plugin you won't need an external download manager.

Get the plugin here.



Fast Video Download

I'm sure many of you techies will have this already installed. For the clueless, it's a useful plugin for YouTube fans. It allows you to download vedios from sites such as hi5.com, metacafe.com, vids.myspace.com, YouTube, and more.

A small icon at the bottom right of the browser page will show up after the plugin is installed. All you need to do is surf to the page where the video is streaming, and click on the icon. It will ask you if you would like to download it. Click on 'yes' and you are done. For downloading from YouTube, you will need an FLV player. Download it from the official website, or just get the VLC media player

Get the plugin here.

Read More